While adding the password policy in the OpenLDAP file, it throws an error when running from the command line:
root@openldap-server:/etc/ldap/slapd.d# ldapadd -D cn=admin,dc=zariga,dc=com -w password -f passwordpolicy.ldif
adding new entry "cn=DefaultPPolicy,ou=Policies,dc=zariga,dc=com"
ldap_add: Object class violation (65)
additional info: no structural object class provided
This is the LDIF file
dn: cn=DefaultPPolicy,ou=Policies,dc=zariga,dc=com
cn: DefaultPPolicy
objectClass: pwdPolicy
objectClass: top
pwdAttribute: userPassword
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
pwdInHistory: 4
pwdCheckQuality: 1
pwdMinLength: 9
pwdMaxFailure: 4
pwdLockout: TRUE
pwdLockoutDuration: 600
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
You're trying to add an object to LDAP with only the pwdPolicy objectClass, which is defined as AUXILIARY (see Password Policy for LDAP Directories, ch. 5.1), and every object added to an LDAP server must have a STRUCTURAL objectClass.
You need to change your LDIF file to include one STRUCTURAL objectClass like device (or any other that you fancy, provided its type is STRUCTURAL).
For instance:
dn: cn=DefaultPPolicy,ou=Policies,dc=zariga,dc=com
cn: DefaultPPolicy
objectClass: device
objectClass: pwdPolicy
objectClass: top
...
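A pre-flight check for this error, as an added example (not code from the question or the answer): it parses LDIF offline and flags entries that carry no STRUCTURAL objectClass, which the server rejects with error 65. The KINDS table is a hand-written subset of the standard schema and the function names are hypothetical.

```python
# Object class kinds for a hand-picked subset of the standard schemas
# (assumption: extend this table from your own server's schema).
KINDS = {"top": "ABSTRACT", "pwdpolicy": "AUXILIARY", "posixaccount": "AUXILIARY",
         "device": "STRUCTURAL", "person": "STRUCTURAL",
         "organizationalunit": "STRUCTURAL"}

# The entry from the question, shortened, and the same entry with the fix.
QUESTION = """dn: cn=DefaultPPolicy,ou=Policies,dc=zariga,dc=com
cn: DefaultPPolicy
objectClass: pwdPolicy
objectClass: top
pwdAttribute: userPassword
"""
FIXED = QUESTION.replace("objectClass: pwdPolicy",
                         "objectClass: device\nobjectClass: pwdPolicy")

def parse_ldif(text):
    """Return [(dn, [objectClass, ...])]; unfolds continuation lines, skips
    comments. Base64 ("::") values are not decoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and raw.strip() and lines:
            lines[-1] += raw[1:]          # folded line continues the previous one
        else:
            lines.append(raw)
    entries, dn, classes = [], None, []
    for line in lines + [""]:             # trailing blank flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, classes))
            dn, classes = None, []
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if attr.strip().lower() == "dn":
                dn = value.strip()
            elif attr.strip().lower() == "objectclass":
                classes.append(value.strip())
    return entries

def check_structural(text):
    """Map each problematic dn to the reason it would fail or cannot be judged."""
    problems = {}
    for dn, classes in parse_ldif(text):
        kinds = [KINDS.get(c.lower()) for c in classes]
        if None in kinds:
            problems[dn] = "class not in KINDS table, cannot judge"
        elif "STRUCTURAL" not in kinds:
            problems[dn] = "no structural object class provided"
    return problems
```

Calling check_structural(QUESTION) reports the policy entry, while check_structural(FIXED) returns an empty dict.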